US20200034456A1 - Process for establishing trust between multiple autonomous systems for the purposes of command and control - Google Patents

Process for establishing trust between multiple autonomous systems for the purposes of command and control Download PDF

Info

Publication number
US20200034456A1
US20200034456A1 US16/044,129 US201816044129A US2020034456A1 US 20200034456 A1 US20200034456 A1 US 20200034456A1 US 201816044129 A US201816044129 A US 201816044129A US 2020034456 A1 US2020034456 A1 US 2020034456A1
Authority
US
United States
Prior art keywords
level
data packet
server
message
backbone server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/044,129
Other versions
US10650023B2 (en
Inventor
Evan MONTGOMERY-RECHT
James J. TER BEEST
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Booz Allen Hamilton Inc
Original Assignee
Booz Allen Hamilton Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Booz Allen Hamilton Inc filed Critical Booz Allen Hamilton Inc
Priority to US16/044,129 priority Critical patent/US10650023B2/en
Assigned to BOOZ ALLEN HAMILTON, INC. reassignment BOOZ ALLEN HAMILTON, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MONTGOMERY-RECHT, EVAN, TER BEEST, James J.
Priority to PCT/US2019/034514 priority patent/WO2020023109A1/en
Publication of US20200034456A1 publication Critical patent/US20200034456A1/en
Priority to US16/843,257 priority patent/US11392615B2/en
Application granted granted Critical
Publication of US10650023B2 publication Critical patent/US10650023B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • G06F17/30283
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L2209/38

Definitions

  • An aspect of the present disclosure provides a method and a system for trusted, unidirectional communications for command and control systems.
  • Bi-directional communications are often a prerequisite for command and control communications due to the multiple asynchronous exchanges of cryptographic keys, subsequent encrypted messaging in support of command issuance.
  • This practice best achieves confidentiality, integrity, and availability (CIA) of the communications that satisfies organizational information assurance requirements.
  • CIA confidentiality, integrity, and availability
  • PoA Proof-of-authority
  • arrays can be private instantiations and pre-designated by a trusted authority, such as the Department of Defense (DoD).
  • Validators can be elected members that have special privileges to submit blocks to be added to the chain, which are checked by other validators.
  • a PoA system can include a block proposer, which is anyone that hasn't submitted the previous block, and that proposed block is checked and voted on by the remaining validators. If the majority agrees on it, it is added to the chain.
  • the validator pool can vote on adding/removing validators, which is passed by a majority vote.
  • Three conditions for establishing a PoA validator can be: 1) identity to be formally verified on-chain, with permissiveness to cross-check the information from that specific distribution; and 2) eligibility to be difficult to obtain; and 3) uniformity in the checks and procedures for establishing an authority.
  • PoA offers demonstrable differences and potential advantages from Proof of Stake (PoS), because in PoS, while a stake between two parties may be even, it does not take into account each party's total holdings.
  • the PoS mechanism works using an algorithm that selects participants with the highest stakes as validators, assuming that the highest stakeholders are incentivized to ensure a transaction is processed. This means that incentives can be unbalanced.
  • PoA can also be considered an alternative to Proof of Work (PoW) because PoW uses an enormous amount of computing power, which, in itself lowers incentive.
  • the PoW consensus uses a mining mechanism that works by verifying that work (mining) has been done before transactions are carried out. PoW is also vulnerable to attack, as a potential attacker would only need to have 51° A of the mining resources (hashrate) to control a network.
  • PoA only allows non-consecutive block approval from a group of established and controlled validators, meaning that the risk of serious damage is minimized. PoA is suited for both private and public networks.
  • a computer-automated method for securing unidirectional communication within a network comprising orchestrating an automated arrangement and/or coordination of at least one portion of a message using a top-level orchestration server; transmitting a first data packet from the top-level orchestration server to a first primary backbone server, wherein the first data packet is a first portion of the message; authenticating the first data packet using the first primary backbone server; transmitting a second data packet from the first primary backbone server to a second primary backbone server, wherein the second data packet is a second portion of the message and/or the second data packet includes a modified first data packet; and authenticating the second data packet using the second primary backbone server.
  • a computer-automated method for securing unidirectional communication within a network comprising receiving, in an orchestrated manner, at least one portion of a message at a first receiving node; assembling the received at least one portion into a first combined message at the first receiving node; executing the first combined message at the first receiving node; receiving, in an orchestrated manner, the at least one portion of the message at a second receiving node; assembling the received at least one portion into a second combined message at the second receiving node; executing the second combined message at the second receiving node; authenticating, at the second receiving node, the executing of the first combined message by the first receiving node; and authenticating, at the first receiving node, the executing of the second combined message by the second receiving node.
  • a system for securing unidirectional communication within a network comprising a top-level orchestration server configured to orchestrate an automated arrangement and/or coordination of at least one portion of a message; a first primary backbone server configured to receive a first data packet from the top-level orchestration server, and authenticate the first data packet, wherein the first data packet is a first portion of the message; and a second primary backbone server configured to receive a second data packet from the first primary backbone server, and authenticate the second data packet, wherein the second data packet is a second portion of the message, and/or the second data packet includes a modified first data packet.
  • FIG. 1 illustrates exemplary conceptual component view of all systems working as an integrated, multi-tiered proof-of-authority command and control infrastructure
  • FIG. 2 illustrates exemplary individual components of the command and control system
  • FIG. 3 illustrates exemplary subcomponent messaging within each block for Top-level, Secondary Level, and X Level proof-of-authority instantiations
  • FIG. 4 illustrates a flowchart illustrating processing of a message at receiving nodes.
  • An aspect of the present disclosure relates to a technique to establish trust communications from command and control authority systems to autonomous devices receiving instructions in uncontrolled and often austere environments.
  • Cyber attackers can use command and control infrastructure to issue command and control instructions to their victims.
  • Analysis of command and control methodologies can be used to identify attackers, associate attacks, disrupt ongoing malicious activity, and provide an indication of network security.
  • Network security can relate to the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
  • Network security can involve the authorization of access to data in a network, which may be controlled by the network administrator.
  • Network security can cover a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals.
  • Networks can be private, such as within a company, and others which might be open to public access.
  • Network security can be involved in organizations, enterprises, and other types of institutions. An indication of network security may provide information related to whether the network is secure or has been breached.
  • An aspect of the present disclosure can leverage a proof-of-authority blockchain system that can be used to generate an ongoing data channel.
  • This data channel can be a sequential series of cryptographic messages that can be distributed over one or more transmission systems 130 , such as a globally available satellite network 150 , and can also be transmitted across terrestrial wireless 146 or wired networks.
  • a globally available satellite network 150 can include satellites that can relay and/or amplify radio telecommunications signals via a transponder, thereby creating a communication channel between a source transmitter and a receiver at different locations on Earth.
  • the network of satellites can be used for television, telephone, radio, internet, military applications, or other applications.
  • Global satellite networks such as Iridium, Globalstar and Orbcomm, can include dozens of similar satellites which are put in orbit at regularly spaced positions and form a mesh network, sometimes sending and receiving information directly among them.
  • Terrestrial wireless networks can use Earth-based transmitters and receivers for communications.
  • Wired networks can transfer data over a wire-based communication technology.
  • a single router may be used to connect all the computers. Larger networks can involve multiple routers or switches that connect to each other.
  • Waveguide electromagneticism
  • Local telephone networks can form the basis for wired communications that are used by both residential and business customers in the area.
  • Wired networks can use fiber-optic communication technology as a means of providing clear signaling for both inbound and outbound transmissions.
  • Synchronous methods can include a data transfer method characterized by a continuous stream of data in the form of signals which can be accompanied by regular timing signals generated by a clocking mechanism that can ensure that both the sender and receiver are synchronized with each other.
  • Asynchronous communication can include exchange of messages by reading and responding as schedules permit.
  • a common precision clock can be used to ensure integrity is not lost among intra-node block messages which may be distributed among multiple command and control systems.
  • a receiver can validate time from multiple 3 rd party sources such as GPS, NIST, etc. and reassemble each time-stamped block based on the instructions provided in the block payloads.
  • a primary data channel of the ongoing data channel can be a top-level hierarchal cryptographic stream that can be sent over a globally-available system 130 .
  • the top-level system 110 can also provide a means for lower level systems 120 to create a forked system that can instantiate secondary and/or tertiary command and control networks with segregated purposes, e.g., geographical, organizational, spectral, temporal, operational, and/or other technical purposes.
  • An impact and usefulness of the present disclosure can be to leverage highly controlled, globally available, communications systems that can operate as a top-level publisher.
  • distributions systems 130 such as global satellite systems
  • the instantiation of distributions systems 130 can establish a means to provide real-time, global visibility, redundant, reliable, and parallel views (using multiple spectrums and transmissions mediums, etc.) that can mitigate question of authenticity and/or malicious intent.
  • Messaging can be intended for direct recipients and simultaneously as a hierarchal data channel for secondary/tertiary command and control (C2) distribution systems which can inherit and retransmit immutable trust from the hierarchal system. All messaging (from primary and tertiary systems) can potentially be seen by the end recipient to measure authenticity. Verifiable temporal actions taken by other participants in the network can help ensure the authenticity of the message by providing a method for other participants to ensure messages received can be validated through independent activities or actions taken by other participants.
  • C2 secondary/tertiary command and control
  • An aspect of the present disclosure relates to a computer-automated method for securing unidirectional communication within a network.
  • a communication within a network can allow data to travel only in one direction and can help in information security. This communication may occur automatically, that is, with little or no direct human control.
  • the method can include orchestrating an automated arrangement and/or coordination of at least one portion of a message 204 using a top-level orchestration server 206 .
  • Orchestration can include having an inherent intelligence and/or implicitly autonomic control that can be an effect of automation or systems deploying elements of control theory.
  • Orchestration can define policies and service levels through automated workflows, provisioning, and change management, thereby creating an application-aligned infrastructure that can be scaled up or down based on the needs of each application.
  • Orchestration can provide centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration can reduce the time and effort for deploying multiple instances of a single application, and as more resources or a new application are required, automated tools can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.
  • the method can include transmitting a first data packet 208 from the top-level orchestration server 206 to a first top-level backbone server 210 , wherein the first data packet 208 is a first portion of the message 204 .
  • the first top-level backbone server 210 can be a computer program or a device that can provide functionality for other programs or devices.
  • the method can include authenticating the first data packet using the first top-level backbone server 210 .
  • the authenticating of the first data packet can include confirming an identity of the first data packet 208 at the first top-level backbone server 210 .
  • the method can include transmitting a second data packet 212 from the first top-level backbone server 210 to a second top-level backbone server 214 , wherein the second data packet 212 is a second portion of the message 204 and/or the second data packet 212 includes a modified first data packet.
  • the second top-level backbone server 214 can be a computer program or a device that can provide functionality for other programs or devices.
  • the first data packet 208 and the second data packet 212 can be parts of a precisely timed sequential series of cryptographic messages distributed over a transmission system and/or a network.
  • the second data packet 212 can be a second portion of the message 204 , which is distinct from the first portion of the message 204 .
  • the second data packet 212 can include the first data packet 208 along with additional information.
  • the method can include authenticating the second data packet 212 using the second top-level backbone server 214 .
  • the authenticating of the second data packet 212 can include confirming an identity of the second data packet 212 at the second top-level backbone server 214 .
  • the method can include, after the authentication of the first data packet 208 by the first top-level backbone server 210 , transmitting the authenticated first data packet 216 from the first top-level backbone server 210 to a receiving node 220 .
  • the receiving node 220 can be a device or data point on a network.
  • the receiving node 220 can have an Internet Protocol (IP) address.
  • IP Internet Protocol
  • the receiving node 220 can be a part of a larger data structure, such as linked lists or tree data structures.
  • the method can include, after the authentication of the second data packet 212 by the second top-level backbone server 214 , transmitting the authenticated second data packet 218 from the second top-level backbone server 214 to the receiving node 220 , wherein the second data packet 212 is the second portion of the message 204 .
  • the second data packet 212 can be distinct from the first data packet 208 .
  • the method can include transmitting the authenticated second data packet 218 from the second top-level backbone server 214 to the receiving node 220 before the transmission of the authenticated first data packet 216 from the first top-level backbone server 210 to the receiving node 220 .
  • the transmission of the authenticated second data packet 218 to the receiving node 220 can occur before the transmission of the authenticated first data packet 216 to the receiving node 220 .
  • the transmission of the authenticated second data packet 218 to the receiving node 220 can also occur after the transmission of the authenticated first data packet 216 to the receiving node 220 .
  • the method can include, in combination with a receiving node 220 , assembling, at the receiving node 220 , the authenticated first data packet 216 and the authenticated second data packet 218 to form the message 204 .
  • the authenticated first data packet 216 , the authenticated second data packet 218 , and/or other portions of the message can be combined to form the whole message 204 at the receiving node 220 .
  • the method can include receiving at least one portion of the message 204 at a lower level orchestration server 252 and orchestrating an automated arrangement and/or coordination of the at least one portion of the message 204 using the lower level orchestration server 252 .
  • the method can include transmitting one or more portions of at least one portion of the message from the lower level orchestration server 252 to a first lower level backbone server 254 .
  • the method can include authenticating, using the first lower level backbone server 254 , the one or more portions of the message transmitted to the first lower level backbone server 254 .
  • the first lower level backbone server 254 , the first top-level backbone server 210 , and the second top-level backbone server 214 can be a part of a hierarchical control system 200 such that the first top-level backbone server 210 and the second top-level backbone server 214 are arranged at a top-level of the hierarchical control system 200 , and the first lower level backbone server 254 is arranged at least one level lower than the top-level of the hierarchical control system 200 .
  • the hierarchical control system 200 can include many controlled servers to transmit sequential messages. These controlled servers can be arranged at many different levels of the hierarchical control system 200 .
  • FIG. 2 shows n th top-level backbone server 224 arranged at the top-level, and n th lower-level backbone server 256 arranged at a lower level.
  • Each of the servers can use more than one kind of processors or cores.
  • the processors or cores can incorporate specialized processing capabilities to handle particular tasks.
  • the hierarchical control system 200 can be a form of a control system in which a set of devices and governing software can be arranged in a hierarchical tree.
  • that hierarchical control system can also be a form of networked control system.
  • Each element of the hierarchy can be a linked node in the tree. Commands, tasks and goals to be achieved can flow down the tree from superior nodes to subordinate nodes, whereas sensations and command results can flow up the tree from subordinate to superior nodes. Nodes may also exchange messages with their siblings.
  • Each higher layer of the tree can operate with a longer interval of planning and execution time than its immediately lower layer.
  • the lower layers can have local tasks, goals, and sensations, and their activities can be planned and coordinated by higher layers which may not override their decisions.
  • the layers can form a hybrid intelligent system in which the lowest, reactive layers can be sub-symbolic.
  • the higher layers, having relaxed time constraints, are capable of reasoning from an abstract world model and can perform planning.
  • the method can include receiving the message 204 at the top-level orchestration server 206 from a command and control (C2) messaging server 202 .
  • the command and control messaging server 202 can create a new message and transmits at least one portion of the message to the top-level orchestration server 206 that is further transmitted to one or more servers in the hierarchical control system 200 , thereby maintaining an ongoing messaging primer.
  • the servers in the hierarchical control system 200 can determine the authenticity of the most recent message, and plan for the next timed message. This form of sequential messaging is known as proof-of-authority.
  • the method can include generating the message using the top-level orchestration server 206 .
  • the top-level orchestration server 206 can also create a new message and transmit at least one portion of the message to one or more servers in the hierarchical control system 200 .
  • the method can include generating, by the first top-level backbone server 210 , one or more reports based on the authentication of the first data packet 208 .
  • the method can include generating, by the second top-level backbone server 214 , one or more reports based on the authentication of the second data packet 212 .
  • the one or more reports can include event reports from different monitors that can correlate activity to identify attacks causing disturbances and/or suspicious activities in one or more network entities.
  • Streams of event records can be derived from discarded traffic (i.e., packets not allowed through the gateway because they violate filtering rules), pass-through traffic (i.e., packets allowed into the internal network from external sources), packets having a common protocol (e.g., all ICMP (Internet Control Message Protocol) packets that reach the gateway), packets involving network connection management (e.g., SYN, RESET, ACK, [window resize]), and packets targeting ports to which an administrator has not assigned any network service and that also remain unblocked by the firewall.
  • discarded traffic i.e., packets not allowed through the gateway because they violate filtering rules
  • pass-through traffic i.e., packets allowed into the internal network from external sources
  • packets having a common protocol e.g., all ICMP (Internet Control Message Protocol) packet
  • Event streams may also be based on packet source addresses (e.g., packets whose source addresses match well-known external sites such as satellite offices or have raised suspicion from other monitoring efforts) or destination addresses (e.g., packets whose destination addresses match a given internal host or workstation). Selection can also implement application-layer monitoring (e.g., packets targeting a particular network service or application). Event records can also be produced from other sources of network packet information such as report logs produced by network entities.
  • packet source addresses e.g., packets whose source addresses match well-known external sites such as satellite offices or have raised suspicion from other monitoring efforts
  • destination addresses e.g., packets whose destination addresses match a given internal host or workstation.
  • Selection can also implement application-layer monitoring (e.g., packets targeting a particular network service or application).
  • Event records can also be produced from other sources of network packet information such as report logs produced by network entities.
  • the method can include deploying a plurality of servers on the network, wherein the plurality of servers includes at least one of the top-level orchestration server 206 , the first top-level backbone server 210 , and the second top-level backbone server 214 .
  • Deploying a server can include, but is not limited to, installing operating system, installing applications, configuring network settings (such as IP address, and default gateway), patching the server into the LAN switch, configuring appropriate firewall rules to allow required access to the server, and adding the server into monitoring and management platforms.
  • the plurality of servers may be deployed with multiple silos.
  • the method can include, after the authentication of the second data packet 212 by the second top-level backbone server 214 , transmitting the authenticated second data packet 218 from the second top-level backbone server to a receiving node, wherein the second data packet 212 includes the first data packet 208 and a top-level key 310 , the top-level key 310 includes at least one of a cryptographic nonce 312 , hashing information 314 , timestamp information 316 , and payload information 318 .
  • the payload information 318 may be encrypted.
  • the payload information 318 can include at least one of Recipient Address(es) 319 , next top-level nonce for a lower level 321 , command structure header for top-level 323 , top-level issued command or direction to follow a lower level command or truncated message repackaging instructions 325 , and software defined command truncation 327 .
  • a data packet and/or a message as described in this application can be a unique file including standard components of a block: the cryptographic hash of the previous block, the timestamp, a nonce (one-time pseudo-random number), payload information, temporal data, and mathematical algorithms. This can be identical to common forms of blockchain such as Bitcoin and Ethereum.
  • a data packet as described in this application can be a unit of data made into a single package that travels along a given network path.
  • the top-level key 310 can be a parameter that can determine a functional output of a cryptographic algorithm. For encryption algorithms, the top-level key 310 can specify a transformation of plaintext into cipher-text, and a transformation of cipher-text into plaintext for decryption algorithms.
  • the cryptographic nonce 316 can be an arbitrary number that can be used just once.
  • the cryptographic nonce 316 can be a random or pseudo-random number that can be issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.
  • the hashing information 312 can include a function that can be used to map data of any size to a fixed size.
  • a data structure called a hash table can be used in for rapid data lookup.
  • Hash functions can accelerate table or database lookup by detecting duplicated records in a large file.
  • a cryptographic hash function can easily verify that input data maps to a given hash value, but if the input data is unknown; it is deliberately difficult to reconstruct it (or any equivalent alternatives) by knowing the stored hash value. This feature can be used for assuring integrity of transmitted data, and is the building block for HMACs, which provide message authentication.
  • the timestamp information 314 can include a sequence of characters or encoded information identifying when a certain event occurred by providing a date and time information.
  • the payload information 318 can be a data to be transmitted that can be encapsulated in a frame composed of framing bits and a frame check sequence.
  • the payload information 318 can be owner/user defined.
  • An aspect of the present disclosure relates to a computer-automated method for securing unidirectional communication within a network.
  • This method can include receiving, in an orchestrated manner, at least one portion of a message 402 at a first receiving node 410 , assembling 412 the received at least one portion of the message 402 into a first combined message 413 at the first receiving node 410 , and executing 414 the first combined message 413 at the first receiving node 410 .
  • the method can include receiving, in an orchestrated manner, the at least one portion of the message 402 at a second receiving node 420 , assembling 422 the received at least one portion of the message 402 into a second combined message 423 at the second receiving node 420 , and executing 424 the second combined message 423 at the second receiving node 420 .
  • the executing of the combined messages can include a process by which a computer or a virtual machine performs the instructions of a computer program.
  • the instructions in the program can trigger sequences of simple actions on the executing machine. Those actions can produce effects according to the semantics of the instructions in the program.
  • the first and second receiving nodes can be devices or data points on a network.
  • the nodes can have an Internet Protocol (IP) address.
  • IP Internet Protocol
  • the nodes can be a part of a larger data structure, such as linked lists or tree data structures.
  • the received portions of the message can be combined to form the whole message at the receiving nodes.
  • the method can include authenticating at the second receiving node 426 , the executing of the first combined message by the first receiving node 415 , and authenticating at the first receiving node 416 , the executing of the second combined message by the second receiving node 425 .
  • the authenticating of the messages can include confirming an identity of messages at the receiving nodes.
  • the method can include generating by the first receiving node 410 , a first authentication report 417 based on the authentication of the executing of the second combined message by the second receiving node.
  • the method can include generating by the second receiving node 420 , a second authentication report 427 based on the authentication of the executing of the first combined message by the first receiving node.
  • the methods in the present disclosure can be implemented by a device with a processor with an associated memory.
  • the processor may include any integrated circuit or other electronic device (or collection of devices) capable of performing an operation on at least one instruction including, without limitation, Reduced Instruction Set Core (RISC) processors, CISC microprocessors, Microcontroller Units (MCUs), CISC-based Central Processing Units (CPUs), and Digital Signal Processors (DSPs).
  • RISC Reduced Instruction Set Core
  • MCUs Microcontroller Units
  • CPUs Central Processing Units
  • DSPs Digital Signal Processors
  • the hardware of such devices may be integrated onto a single substrate (e.g., silicon “die”), or distributed among two or more substrates.
  • various functional aspects of the processor may be implemented solely as software or firmware associated with the processor.
  • the associated memory can be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two.
  • the computer memory includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology CDROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information, and which can be accessed by the device.
  • the associated memory can be a local memory that is specific to a single function or program.
  • the memory can be a remote memory that does not reside in a device or resides in a different device.
  • the memory can be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two.
  • the computer memory includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology CDROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information, and which can be accessed by the device.
  • the method can include that the associated memory be configured on different types of memory.
  • the associated memory can be configured on a computer-readable medium.
  • computer-readable medium (or “machine-readable medium”) as used herein is an extensible term that refers to any medium or any memory, that participates in providing instructions to a processor, (such as processor) for execution, or any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer).
  • Such a medium may store computer-executable instructions to be executed by a processing element and/or control logic, and data which is manipulated by a processing element and/or control logic, and may take many forms, including but not limited to, non-volatile medium, volatile medium, and transmission medium.
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that include bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infrared data communications, or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.).
  • acoustic or light waves such as those generated during radio-wave and infrared data communications, or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.).
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch-cards, paper-tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution.
  • the instructions may initially be carried on a magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus.
  • Bus carries the data to main memory, from which processor retrieves and executes the instructions.
  • the instructions received by main memory may optionally be stored on storage device either before or after execution by a processor.
  • An aspect of the present disclosure relates to a system for securing unidirectional communication within a network.
  • the system can provide a globally available command and control communication that may not require a direct exchange of information to maintain integrity of the network.
  • the system can include a top-level orchestration server 206 configured to orchestrate an automated arrangement and/or coordination of at least one portion of a message 204 .
  • the system can include a first top-level backbone server 210 configured to receive a first data packet 208 from the top-level orchestration server 206 , and authenticate the first data packet 208 , wherein the first data packet 208 is a first portion of the message 204 .
  • the system can include a second top-level backbone server 214 configured to receive a second data packet 212 from the first top-level backbone server 210 , and authenticate the second data packet 212 , wherein the second data packet 212 is a second portion of the message 204 , and/or the second data packet 212 includes a modified first data packet.
  • a second top-level backbone server 214 configured to receive a second data packet 212 from the first top-level backbone server 210 , and authenticate the second data packet 212 , wherein the second data packet 212 is a second portion of the message 204 , and/or the second data packet 212 includes a modified first data packet.
  • the system can include a receiving node 220 configured to receive an authenticated first data packet 216 from the first top-level backbone server 210 , after the authentication of the first data packet by the first top-level backbone server 210 ; and receive an authenticated second data packet 218 from the second top-level backbone server 214 , after the authentication of the second data packet by the second top-level backbone server 214 , wherein the second data packet 212 is the second portion of the message 204 .
  • a receiving node 220 configured to receive an authenticated first data packet 216 from the first top-level backbone server 210 , after the authentication of the first data packet by the first top-level backbone server 210 ; and receive an authenticated second data packet 218 from the second top-level backbone server 214 , after the authentication of the second data packet by the second top-level backbone server 214 , wherein the second data packet 212 is the second portion of the message 204 .
  • the system can include a receiving node configured to receive an authenticated second data packet 218 from the second top-level backbone server 214 after the authentication of the second data packet by the second top-level backbone server 214 , wherein the second data packet 212 includes the first data packet 208 and a top-level key 310 , the top-level key 310 includes at least one of a cryptographic nonce 312 , hashing information 314 , timestamp information 316 , and payload information 318 .
  • the payload information 318 may be encrypted.
  • the payload information 318 can include at least one of Recipient Address(es) 319 , next top-level nonce for a lower level 321 , command structure header for top-level 323 , top-level issued command or direction to follow a lower level command or truncated message repackaging instructions 325 , and software defined command truncation 327 .
  • the system can include a lower level orchestration server 252 configured to receive at least one portion of the message 204 , and orchestrate an automated arrangement and/or coordination of the at least one portion of the message 204 .
  • the system can include a first lower level backbone server 254 configured to receive one or more portions of the at least one portion of the message from the lower level orchestration server 252 and authenticate the one or more portions.
  • the system can include a hierarchical control system 200 with at least two levels, wherein each level includes at least one server, and wherein the first top-level backbone server 210 and the second top-level backbone server 214 are arranged at a top-level of the hierarchical control system 200 , and the first lower level backbone server 254 is arranged at least one level lower than the top-level.
  • the hierarchical control system 200 can include many controlled servers to transmit sequential messages. These controlled servers can be arranged at many different levels of the hierarchical control system 200 . For example, FIG. 2 shows n th top-level backbone server 224 arranged at the top-level, and n th lower-level backbone server 256 arranged at a lower level.
  • the system can leverage communications networks to broadcast messages from many agnostic lenses.
  • the system can be globally available, regional, or local, such that the radio frequency coverage need only be sized to the coverage of intended recipients.
  • the network can transmit (and be received) in virtually any environment. This can include outside earth's atmosphere, airborne, ground, sea, or sub surface platforms.
  • a temporal aspect of the system provides that the frequency of messages can be established at any interval based on the needs of the organization, technical capabilities of computer arrays that generate new messages, a bandwidth able to communicate the volume of messages, and a capability of a user device to listen to, decrypt, and process the network's traffic.
  • a spectral aspect of the system provides that the frequency of transmission for the system may vary across electromagnetic, optical, or other radiating emissions. This capability can provide significant means to parallelize cryptographic messages to particular organizations, especially when faced with bandwidth constraints, coverage to remote users, or organizations with security challenges.
  • a protocol/channel aspect of the system provides that messages may flow across a network link using different approaches. For instance, a message could be embedded in metadata of an existing streaming multimedia-payload. A message could be routinely sent across different orthogonal channels on the same link. An identical message may also be sent multiple times on different channels (using specific ear-markers to differentiate) to increase likelihood of receipt for custom critical systems.
  • An organizational aspect of the system may be put to use as a nationalized infrastructure but could be used independently as commercial or private system if a subordinate system were put into place for such use.
  • An aspect of the system can be used across multiple domains, where organizations or stakeholders must communicate. Actions taken through other means would generally utilize trust-but-verify methods to ensure multiple domains have a method to validate that actions being requested or taken have a formal verifiable method.
  • Messages in the system can be received by any properly equipped radio receiver that is able to demodulate the RF information, view the payload information, and support actions as prescribed by the messaging (if able to be correctly interpreted—the payload information may be further encrypted by the original sender using external methods).
  • the recipients may be designed to acknowledge receipt of communications via another communications medium, or simply carry out instructions. Examples of this may include an array of low power, long lasting field sensors that broadcast data when an organization sends out a local receiver in the vicinity of the sensors.
  • Regional messaging may include satellite-based natural disaster alerting systems. Local alerts may even target single devices listening for a single instruction to act upon.
  • the receiver can be designed to listen to specific systems licensed with controlled frequencies which could be incredibly dynamic due to software defined radio technologies. Based on the dynamic messaging, the receiver can authenticate the messaging over a time window to begin trusting the systems it is listening to.
  • the system is expected to mitigate malicious behavior due to the real-time nature of messaging, the immutability of the originating signal, and the parallelization of subsequent messages which leverage original primer messaging and respective coordinated timestamps encoded with Universal Coordinated Time (UTC)-calibrated clock sources.
  • UTC Universal Coordinated Time
  • the system can transmit secure information; maintain trustworthy communication, all while only sending information in one direction, with no expectation by the command module of having a direct verification method from intended recipient. Therefore, the system can provide a secure unidirectional communication.
  • the system can operate without an exchange of information to reveal the location of a command and control receiver location. It is optional, however to equip the receiver with an out-of-band method to acknowledge receipt if confirmation is required.
  • the system is easily scalable. Additional servers can be added to increase the frequency of transmissions and integrity of operations. Additionally, any number of secondary or tertiary command and control server groups can be added to scale the granularity of command groups across different transmission systems, organizations, or geographies.
  • the system may use existing infrastructure. No new communications architectures are necessary, only available bandwidth to transmit the information and new servers to instantiate a proof of authority infrastructure.
  • the software defined nature of randomly obfuscating messaging across space, time, spectrum, and protocols (all while encrypting the payloads) provides a means to defend against man-in-the middle attacks and advanced brute force attempts to intercept and decrypt the information in a time necessary to make an impact on the commands issued.
  • the system can provide resilient messaging, where identical command and control messages can be sent in parallel across multiple disparate transmission sources to prevent transmission vulnerabilities across one specific medium (e.g. RF jamming).
  • An aspect of the present disclosure can be used in, but is not limited to, military and defense applications, governmental and non-governmental applications such as communicating disaster relief efforts, autonomous transportation, financial services such as release of financial assets to support activities in remote locations, public utilities such as meter reading, autonomous remote operators such as robots performing a clean-up on a nuclear disaster site, industrial control systems, remote sensing, and agriculture.
  • An aspect of the present disclosure can be used in secure mobile device communications.
  • an application running in the Trusted Execution Environment (TEE) of a mobile phone that could interpret the commands from a low level blockchain command and control system received through the mobile phone's radios and repeat them back through the radios, can direct the activities of phones in a certain area.
  • a specific example of this application can be sending a command to a phone over GSM, and the phone would repeat the command over an 802.11 ad-hoc network or Bluetooth.
  • Recipient phones could repeat the command with their own signature applied, alerting the community of phones as to the number of phones in an area.
  • a payload could be executed. For example, for changing transmission frequency or key updates, or creating a Pokemon Go target or issuing a Groupon.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A computer-automated method for securing unidirectional communication within a network. The method includes orchestrating an automated arrangement and/or coordination of at least one portion of a message using a top-level orchestration server, transmitting a first data packet from the top-level orchestration server to a first top-level backbone server, wherein the first data packet is a first portion of the message, and authenticating the first data packet using the first top-level backbone server. The method can include transmitting a second data packet from the first top-level backbone server to a second top-level backbone server, wherein the second data packet is a second portion of the message and/or the second data packet includes a modified first data packet and authenticating the second data packet using the second top-level backbone server.

Description

    FIELD
  • An aspect of the present disclosure provides a method and a system for trusted, unidirectional communications for command and control systems.
    • BACKGROUND INFORMATION
  • It is desirable for organizations with command and control responsibilities to electronically communicate with devices in distributed geographic locations. This activity is critical in order to successfully exercise authority and direction by a properly designated operator over assigned resources in accomplishing a common goal. Issuing command and control instructions in this vein is often challenging due to devices residing in non-ideal conditions attempting to perform bi-directional network communications.
  • Bi-directional communications are often a prerequisite for command and control communications due to the multiple asynchronous exchanges of cryptographic keys, subsequent encrypted messaging in support of command issuance. This practice best achieves confidentiality, integrity, and availability (CIA) of the communications that satisfies organizational information assurance requirements. In order to achieve communications CIA, significant technical resources are often required and often at a great expense to the organization.
  • Proof-of-authority (PoA) is an algorithm used with blockchains that delivers comparatively fast transactions through a group consensus mechanism based on identity as a stake. In PoA-based networks, transactions and blocks are validated by approved accounts, known as validators. Validators run software allowing them to put transactions in blocks.
  • With PoA, arrays can be private instantiations and pre-designated by a trusted authority, such as the Department of Defense (DoD). Validators can be elected members that have special privileges to submit blocks to be added to the chain, which are checked by other validators. A PoA system can include a block proposer, which is anyone that hasn't submitted the previous block, and that proposed block is checked and voted on by the remaining validators. If the majority agrees on it, it is added to the chain. The validator pool can vote on adding/removing validators, which is passed by a majority vote.
  • Three conditions for establishing a PoA validator can be: 1) identity to be formally verified on-chain, with permissiveness to cross-check the information from that specific distribution; and 2) eligibility to be difficult to obtain; and 3) uniformity in the checks and procedures for establishing an authority.
  • PoA offers demonstrable differences and potential advantages from Proof of Stake (PoS), because in PoS, while a stake between two parties may be even, it does not take into account each party's total holdings. The PoS mechanism works using an algorithm that selects participants with the highest stakes as validators, assuming that the highest stakeholders are incentivized to ensure a transaction is processed. This means that incentives can be unbalanced.
  • PoA can also be considered an alternative to Proof of Work (PoW) because PoW uses an enormous amount of computing power, which, in itself lowers incentive. The PoW consensus uses a mining mechanism that works by verifying that work (mining) has been done before transactions are carried out. PoW is also vulnerable to attack, as a potential attacker would only need to have 51° A of the mining resources (hashrate) to control a network.
  • On the other hand, PoA only allows non-consecutive block approval from a group of established and controlled validators, meaning that the risk of serious damage is minimized. PoA is suited for both private and public networks.
    • SUMMARY
  • A computer-automated method for securing unidirectional communication within a network is disclosed, the method comprising orchestrating an automated arrangement and/or coordination of at least one portion of a message using a top-level orchestration server; transmitting a first data packet from the top-level orchestration server to a first primary backbone server, wherein the first data packet is a first portion of the message; authenticating the first data packet using the first primary backbone server; transmitting a second data packet from the first primary backbone server to a second primary backbone server, wherein the second data packet is a second portion of the message and/or the second data packet includes a modified first data packet; and authenticating the second data packet using the second primary backbone server.
  • A computer-automated method for securing unidirectional communication within a network is disclosed, the method comprising receiving, in an orchestrated manner, at least one portion of a message at a first receiving node; assembling the received at least one portion into a first combined message at the first receiving node; executing the first combined message at the first receiving node; receiving, in an orchestrated manner, the at least one portion of the message at a second receiving node; assembling the received at least one portion into a second combined message at the second receiving node; executing the second combined message at the second receiving node; authenticating, at the second receiving node, the executing of the first combined message by the first receiving node; and authenticating, at the first receiving node, the executing of the second combined message by the second receiving node.
  • A system for securing unidirectional communication within a network is disclosed, the system comprising a top-level orchestration server configured to orchestrate an automated arrangement and/or coordination of at least one portion of a message; a first primary backbone server configured to receive a first data packet from the top-level orchestration server, and authenticate the first data packet, wherein the first data packet is a first portion of the message; and a second primary backbone server configured to receive a second data packet from the first primary backbone server, and authenticate the second data packet, wherein the second data packet is a second portion of the message, and/or the second data packet includes a modified first data packet.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Other objects and advantages of the present disclosure will become apparent to those skilled in the art upon reading the following detailed description of exemplary embodiments, in conjunction with the accompanying drawings, in which like reference numerals have been used to designate like elements, and in which:
  • FIG. 1 illustrates exemplary conceptual component view of all systems working as an integrated, multi-tiered proof-of-authority command and control infrastructure;
  • FIG. 2 illustrates exemplary individual components of the command and control system;
  • FIG. 3 illustrates exemplary subcomponent messaging within each block for Top-level, Secondary Level, and X Level proof-of-authority instantiations; and
  • FIG. 4 illustrates a flowchart illustrating processing of a message at receiving nodes.
    •  DETAILED DESCRIPTION
  • An aspect of the present disclosure relates to a technique to establish trust communications from command and control authority systems to autonomous devices receiving instructions in uncontrolled and often austere environments. Cyber attackers can use command and control infrastructure to issue command and control instructions to their victims. Analysis of command and control methodologies can be used to identify attackers, associate attacks, disrupt ongoing malicious activity, and provide an indication of network security.
  • Network security can relate to the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security can involve the authorization of access to data in a network, which may be controlled by the network administrator. Network security can cover a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security can be involved in organizations, enterprises, and other types of institutions. An indication of network security may provide information related to whether the network is secure or has been breached.
  • An aspect of the present disclosure can leverage a proof-of-authority blockchain system that can be used to generate an ongoing data channel. This data channel can be a sequential series of cryptographic messages that can be distributed over one or more transmission systems 130, such as a globally available satellite network 150, and can also be transmitted across terrestrial wireless 146 or wired networks.
  • A globally available satellite network 150 can include satellites that can relay and/or amplify radio telecommunications signals via a transponder, thereby creating a communication channel between a source transmitter and a receiver at different locations on Earth. The network of satellites can be used for television, telephone, radio, internet, military applications, or other applications. Global satellite networks, such as Iridium, Globalstar and Orbcomm, can include dozens of similar satellites which are put in orbit at regularly spaced positions and form a mesh network, sometimes sending and receiving information directly among them.
  • Terrestrial wireless networks can use Earth-based transmitters and receivers for communications. Wired networks can transfer data over a wire-based communication technology. In a small wired network, a single router may be used to connect all the computers. Larger networks can involve multiple routers or switches that connect to each other. Waveguide (electromagnetism), used for high-power applications, can also be considered as wired line. Local telephone networks can form the basis for wired communications that are used by both residential and business customers in the area. Wired networks can use fiber-optic communication technology as a means of providing clear signaling for both inbound and outbound transmissions.
  • All these networks can operate both via synchronous or asynchronous methods. Synchronous methods can include a data transfer method characterized by a continuous stream of data in the form of signals which can be accompanied by regular timing signals generated by a clocking mechanism that can ensure that both the sender and receiver are synchronized with each other. Asynchronous communication can include exchange of messages by reading and responding as schedules permit. A common precision clock can be used to ensure integrity is not lost among intra-node block messages which may be distributed among multiple command and control systems. A receiver can validate time from multiple 3rd party sources such as GPS, NIST, etc. and reassemble each time-stamped block based on the instructions provided in the block payloads.
  • A primary data channel of the ongoing data channel can be a top-level hierarchal cryptographic stream that can be sent over a globally-available system 130. The top-level system 110 can also provide a means for lower level systems 120 to create a forked system that can instantiate secondary and/or tertiary command and control networks with segregated purposes, e.g., geographical, organizational, spectral, temporal, operational, and/or other technical purposes.
  • An impact and usefulness of the present disclosure can be to leverage highly controlled, globally available, communications systems that can operate as a top-level publisher. The instantiation of distributions systems 130 (such as global satellite systems) can establish a means to provide real-time, global visibility, redundant, reliable, and parallel views (using multiple spectrums and transmissions mediums, etc.) that can mitigate question of authenticity and/or malicious intent. Messaging can be intended for direct recipients and simultaneously as a hierarchal data channel for secondary/tertiary command and control (C2) distribution systems which can inherit and retransmit immutable trust from the hierarchal system. All messaging (from primary and tertiary systems) can potentially be seen by the end recipient to measure authenticity. Verifiable temporal actions taken by other participants in the network can help ensure the authenticity of the message by providing a method for other participants to ensure messages received can be validated through independent activities or actions taken by other participants.
  • An aspect of the present disclosure relates to a computer-automated method for securing unidirectional communication within a network. Such a communication within a network can allow data to travel only in one direction and can help in information security. This communication may occur automatically, that is, with little or no direct human control.
  • The method can include orchestrating an automated arrangement and/or coordination of at least one portion of a message 204 using a top-level orchestration server 206. Orchestration can include having an inherent intelligence and/or implicitly autonomic control that can be an effect of automation or systems deploying elements of control theory. Orchestration can define policies and service levels through automated workflows, provisioning, and change management, thereby creating an application-aligned infrastructure that can be scaled up or down based on the needs of each application. Orchestration can provide centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration can reduce the time and effort for deploying multiple instances of a single application, and as more resources or a new application are required, automated tools can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.
  • The method can include transmitting a first data packet 208 from the top-level orchestration server 206 to a first top-level backbone server 210, wherein the first data packet 208 is a first portion of the message 204. The first top-level backbone server 210 can be a computer program or a device that can provide functionality for other programs or devices. The method can include authenticating the first data packet using the first top-level backbone server 210. The authenticating of the first data packet can include confirming an identity of the first data packet 208 at the first top-level backbone server 210.
  • The method can include transmitting a second data packet 212 from the first top-level backbone server 210 to a second top-level backbone server 214, wherein the second data packet 212 is a second portion of the message 204 and/or the second data packet 212 includes a modified first data packet. The second top-level backbone server 214 can be a computer program or a device that can provide functionality for other programs or devices. The first data packet 208 and the second data packet 212 can be parts of a precisely timed sequential series of cryptographic messages distributed over a transmission system and/or a network. The second data packet 212 can be a second portion of the message 204, which is distinct from the first portion of the message 204. The second data packet 212 can include the first data packet 208 along with additional information.
  • The method can include authenticating the second data packet 212 using the second top-level backbone server 214. The authenticating of the second data packet 212 can include confirming an identity of the second data packet 212 at the second top-level backbone server 214.
  • The method can include, after the authentication of the first data packet 208 by the first top-level backbone server 210, transmitting the authenticated first data packet 216 from the first top-level backbone server 210 to a receiving node 220. The receiving node 220 can be a device or data point on a network. The receiving node 220 can have an Internet Protocol (IP) address. The receiving node 220 can be a part of a larger data structure, such as linked lists or tree data structures.
  • The method can include, after the authentication of the second data packet 212 by the second top-level backbone server 214, transmitting the authenticated second data packet 218 from the second top-level backbone server 214 to the receiving node 220, wherein the second data packet 212 is the second portion of the message 204. The second data packet 212 can be distinct from the first data packet 208.
  • The method can include transmitting the authenticated second data packet 218 from the second top-level backbone server 214 to the receiving node 220 before the transmission of the authenticated first data packet 216 from the first top-level backbone server 210 to the receiving node 220. The transmission of the authenticated second data packet 218 to the receiving node 220 can occur before the transmission of the authenticated first data packet 216 to the receiving node 220. The transmission of the authenticated second data packet 218 to the receiving node 220 can also occur after the transmission of the authenticated first data packet 216 to the receiving node 220.
  • The method can include, in combination with a receiving node 220, assembling, at the receiving node 220, the authenticated first data packet 216 and the authenticated second data packet 218 to form the message 204. The authenticated first data packet 216, the authenticated second data packet 218, and/or other portions of the message can be combined to form the whole message 204 at the receiving node 220.
  • The method can include receiving at least one portion of the message 204 at a lower level orchestration server 252 and orchestrating an automated arrangement and/or coordination of the at least one portion of the message 204 using the lower level orchestration server 252.
  • The method can include transmitting one or more portions of at least one portion of the message from the lower level orchestration server 252 to a first lower level backbone server 254. The method can include authenticating, using the first lower level backbone server 254, the one or more portions of the message transmitted to the first lower level backbone server 254. The first lower level backbone server 254, the first top-level backbone server 210, and the second top-level backbone server 214 can be a part of a hierarchical control system 200 such that the first top-level backbone server 210 and the second top-level backbone server 214 are arranged at a top-level of the hierarchical control system 200, and the first lower level backbone server 254 is arranged at least one level lower than the top-level of the hierarchical control system 200.
  • The hierarchical control system 200 can include many controlled servers to transmit sequential messages. These controlled servers can be arranged at many different levels of the hierarchical control system 200. For example, FIG. 2 shows nth top-level backbone server 224 arranged at the top-level, and nth lower-level backbone server 256 arranged at a lower level. Each of the servers can use more than one kind of processors or cores. The processors or cores can incorporate specialized processing capabilities to handle particular tasks.
  • The hierarchical control system 200 can be a form of a control system in which a set of devices and governing software can be arranged in a hierarchical tree. When the links in the hierarchical tree are implemented by a computer network, then that hierarchical control system can also be a form of networked control system. Each element of the hierarchy can be a linked node in the tree. Commands, tasks and goals to be achieved can flow down the tree from superior nodes to subordinate nodes, whereas sensations and command results can flow up the tree from subordinate to superior nodes. Nodes may also exchange messages with their siblings. Each higher layer of the tree can operate with a longer interval of planning and execution time than its immediately lower layer. The lower layers can have local tasks, goals, and sensations, and their activities can be planned and coordinated by higher layers which may not override their decisions. The layers can form a hybrid intelligent system in which the lowest, reactive layers can be sub-symbolic. The higher layers, having relaxed time constraints, are capable of reasoning from an abstract world model and can perform planning.
  • The method can include receiving the message 204 at the top-level orchestration server 206 from a command and control (C2) messaging server 202. The command and control messaging server 202 can create a new message and transmits at least one portion of the message to the top-level orchestration server 206 that is further transmitted to one or more servers in the hierarchical control system 200, thereby maintaining an ongoing messaging primer. The servers in the hierarchical control system 200 can determine the authenticity of the most recent message, and plan for the next timed message. This form of sequential messaging is known as proof-of-authority.
  • The method can include generating the message using the top-level orchestration server 206. The top-level orchestration server 206 can also create a new message and transmit at least one portion of the message to one or more servers in the hierarchical control system 200.
  • The method can include generating, by the first top-level backbone server 210, one or more reports based on the authentication of the first data packet 208. The method can include generating, by the second top-level backbone server 214, one or more reports based on the authentication of the second data packet 212.
  • The one or more reports can include event reports from different monitors that can correlate activity to identify attacks causing disturbances and/or suspicious activities in one or more network entities. Streams of event records can be derived from discarded traffic (i.e., packets not allowed through the gateway because they violate filtering rules), pass-through traffic (i.e., packets allowed into the internal network from external sources), packets having a common protocol (e.g., all ICMP (Internet Control Message Protocol) packets that reach the gateway), packets involving network connection management (e.g., SYN, RESET, ACK, [window resize]), and packets targeting ports to which an administrator has not assigned any network service and that also remain unblocked by the firewall. Event streams may also be based on packet source addresses (e.g., packets whose source addresses match well-known external sites such as satellite offices or have raised suspicion from other monitoring efforts) or destination addresses (e.g., packets whose destination addresses match a given internal host or workstation). Selection can also implement application-layer monitoring (e.g., packets targeting a particular network service or application). Event records can also be produced from other sources of network packet information such as report logs produced by network entities.
  • The method can include deploying a plurality of servers on the network, wherein the plurality of servers includes at least one of the top-level orchestration server 206, the first top-level backbone server 210, and the second top-level backbone server 214. Deploying a server can include, but is not limited to, installing operating system, installing applications, configuring network settings (such as IP address, and default gateway), patching the server into the LAN switch, configuring appropriate firewall rules to allow required access to the server, and adding the server into monitoring and management platforms. The plurality of servers may be deployed with multiple silos.
  • The method can include, after the authentication of the second data packet 212 by the second top-level backbone server 214, transmitting the authenticated second data packet 218 from the second top-level backbone server to a receiving node, wherein the second data packet 212 includes the first data packet 208 and a top-level key 310, the top-level key 310 includes at least one of a cryptographic nonce 312, hashing information 314, timestamp information 316, and payload information 318. The payload information 318 may be encrypted. The payload information 318 can include at least one of Recipient Address(es) 319, next top-level nonce for a lower level 321, command structure header for top-level 323, top-level issued command or direction to follow a lower level command or truncated message repackaging instructions 325, and software defined command truncation 327.
  • A data packet and/or a message as described in this application can be a unique file including standard components of a block: the cryptographic hash of the previous block, the timestamp, a nonce (one-time pseudo-random number), payload information, temporal data, and mathematical algorithms. This can be identical to common forms of blockchain such as Bitcoin and Ethereum. A data packet as described in this application can be a unit of data made into a single package that travels along a given network path. The top-level key 310 can be a parameter that can determine a functional output of a cryptographic algorithm. For encryption algorithms, the top-level key 310 can specify a transformation of plaintext into cipher-text, and a transformation of cipher-text into plaintext for decryption algorithms. The cryptographic nonce 316 can be an arbitrary number that can be used just once. The cryptographic nonce 316 can be a random or pseudo-random number that can be issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.
  • The hashing information 312 can include a function that can be used to map data of any size to a fixed size. A data structure called a hash table can be used in for rapid data lookup. Hash functions can accelerate table or database lookup by detecting duplicated records in a large file. A cryptographic hash function can easily verify that input data maps to a given hash value, but if the input data is unknown; it is deliberately difficult to reconstruct it (or any equivalent alternatives) by knowing the stored hash value. This feature can be used for assuring integrity of transmitted data, and is the building block for HMACs, which provide message authentication.
  • The timestamp information 314 can include a sequence of characters or encoded information identifying when a certain event occurred by providing a date and time information. The payload information 318 can be a data to be transmitted that can be encapsulated in a frame composed of framing bits and a frame check sequence. The payload information 318 can be owner/user defined.
  • An aspect of the present disclosure relates to a computer-automated method for securing unidirectional communication within a network. This method can include receiving, in an orchestrated manner, at least one portion of a message 402 at a first receiving node 410, assembling 412 the received at least one portion of the message 402 into a first combined message 413 at the first receiving node 410, and executing 414 the first combined message 413 at the first receiving node 410.
  • The method can include receiving, in an orchestrated manner, the at least one portion of the message 402 at a second receiving node 420, assembling 422 the received at least one portion of the message 402 into a second combined message 423 at the second receiving node 420, and executing 424 the second combined message 423 at the second receiving node 420. The executing of the combined messages can include a process by which a computer or a virtual machine performs the instructions of a computer program. The instructions in the program can trigger sequences of simple actions on the executing machine. Those actions can produce effects according to the semantics of the instructions in the program.
  • The first and second receiving nodes can be devices or data points on a network. The nodes can have an Internet Protocol (IP) address. The nodes can be a part of a larger data structure, such as linked lists or tree data structures. The received portions of the message can be combined to form the whole message at the receiving nodes.
  • The method can include authenticating at the second receiving node 426, the executing of the first combined message by the first receiving node 415, and authenticating at the first receiving node 416, the executing of the second combined message by the second receiving node 425. The authenticating of the messages can include confirming an identity of messages at the receiving nodes. The method can include generating by the first receiving node 410, a first authentication report 417 based on the authentication of the executing of the second combined message by the second receiving node. The method can include generating by the second receiving node 420, a second authentication report 427 based on the authentication of the executing of the first combined message by the first receiving node.
  • The methods in the present disclosure can be implemented by a device with a processor with an associated memory. The processor may include any integrated circuit or other electronic device (or collection of devices) capable of performing an operation on at least one instruction including, without limitation, Reduced Instruction Set Core (RISC) processors, CISC microprocessors, Microcontroller Units (MCUs), CISC-based Central Processing Units (CPUs), and Digital Signal Processors (DSPs). The hardware of such devices may be integrated onto a single substrate (e.g., silicon “die”), or distributed among two or more substrates. Furthermore, various functional aspects of the processor may be implemented solely as software or firmware associated with the processor. The associated memory can be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two. The computer memory includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology CDROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information, and which can be accessed by the device.
  • The associated memory can be a local memory that is specific to a single function or program. The memory can be a remote memory that does not reside in a device or resides in a different device. Depending on the exact configuration and type of computing device, the memory can be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two. The computer memory includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology CDROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information, and which can be accessed by the device.
  • The method can include that the associated memory be configured on different types of memory. In an embodiment, the associated memory can be configured on a computer-readable medium. The term “computer-readable medium” (or “machine-readable medium”) as used herein is an extensible term that refers to any medium or any memory, that participates in providing instructions to a processor, (such as processor) for execution, or any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer). Such a medium may store computer-executable instructions to be executed by a processing element and/or control logic, and data which is manipulated by a processing element and/or control logic, and may take many forms, including but not limited to, non-volatile medium, volatile medium, and transmission medium. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that include bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infrared data communications, or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.). Forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch-cards, paper-tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus. Bus carries the data to main memory, from which processor retrieves and executes the instructions. The instructions received by main memory may optionally be stored on storage device either before or after execution by a processor.
  • An aspect of the present disclosure relates to a system for securing unidirectional communication within a network. The system can provide a globally available command and control communication that may not require a direct exchange of information to maintain integrity of the network.
  • The system can include a top-level orchestration server 206 configured to orchestrate an automated arrangement and/or coordination of at least one portion of a message 204. The system can include a first top-level backbone server 210 configured to receive a first data packet 208 from the top-level orchestration server 206, and authenticate the first data packet 208, wherein the first data packet 208 is a first portion of the message 204.
  • The system can include a second top-level backbone server 214 configured to receive a second data packet 212 from the first top-level backbone server 210, and authenticate the second data packet 212, wherein the second data packet 212 is a second portion of the message 204, and/or the second data packet 212 includes a modified first data packet.
  • The system can include a receiving node 220 configured to receive an authenticated first data packet 216 from the first top-level backbone server 210, after the authentication of the first data packet by the first top-level backbone server 210; and receive an authenticated second data packet 218 from the second top-level backbone server 214, after the authentication of the second data packet by the second top-level backbone server 214, wherein the second data packet 212 is the second portion of the message 204.
  • The system can include a receiving node configured to receive an authenticated second data packet 218 from the second top-level backbone server 214 after the authentication of the second data packet by the second top-level backbone server 214, wherein the second data packet 212 includes the first data packet 208 and a top-level key 310, the top-level key 310 includes at least one of a cryptographic nonce 312, hashing information 314, timestamp information 316, and payload information 318. The payload information 318 may be encrypted. The payload information 318 can include at least one of Recipient Address(es) 319, next top-level nonce for a lower level 321, command structure header for top-level 323, top-level issued command or direction to follow a lower level command or truncated message repackaging instructions 325, and software defined command truncation 327.
  • The system can include a lower level orchestration server 252 configured to receive at least one portion of the message 204, and orchestrate an automated arrangement and/or coordination of the at least one portion of the message 204. The system can include a first lower level backbone server 254 configured to receive one or more portions of the at least one portion of the message from the lower level orchestration server 252 and authenticate the one or more portions.
  • The system can include a hierarchical control system 200 with at least two levels, wherein each level includes at least one server, and wherein the first top-level backbone server 210 and the second top-level backbone server 214 are arranged at a top-level of the hierarchical control system 200, and the first lower level backbone server 254 is arranged at least one level lower than the top-level. The hierarchical control system 200 can include many controlled servers to transmit sequential messages. These controlled servers can be arranged at many different levels of the hierarchical control system 200. For example, FIG. 2 shows nth top-level backbone server 224 arranged at the top-level, and nth lower-level backbone server 256 arranged at a lower level.
  • The system can leverage communications networks to broadcast messages from many agnostic lenses. For example, in a geospatial environment, the system can be globally available, regional, or local, such that the radio frequency coverage need only be sized to the coverage of intended recipients. In addition, the network can transmit (and be received) in virtually any environment. This can include outside earth's atmosphere, airborne, ground, sea, or sub surface platforms.
  • A temporal aspect of the system provides that the frequency of messages can be established at any interval based on the needs of the organization, technical capabilities of computer arrays that generate new messages, a bandwidth able to communicate the volume of messages, and a capability of a user device to listen to, decrypt, and process the network's traffic.
  • A spectral aspect of the system provides that the frequency of transmission for the system may vary across electromagnetic, optical, or other radiating emissions. This capability can provide significant means to parallelize cryptographic messages to particular organizations, especially when faced with bandwidth constraints, coverage to remote users, or organizations with security challenges.
  • Similar to the spectral aspect, a protocol/channel aspect of the system provides that messages may flow across a network link using different approaches. For instance, a message could be embedded in metadata of an existing streaming multimedia-payload. A message could be routinely sent across different orthogonal channels on the same link. An identical message may also be sent multiple times on different channels (using specific ear-markers to differentiate) to increase likelihood of receipt for custom critical systems.
  • An organizational aspect of the system may be put to use as a nationalized infrastructure but could be used independently as commercial or private system if a subordinate system were put into place for such use. An aspect of the system can be used across multiple domains, where organizations or stakeholders must communicate. Actions taken through other means would generally utilize trust-but-verify methods to ensure multiple domains have a method to validate that actions being requested or taken have a formal verifiable method.
  • Messages in the system can be received by any properly equipped radio receiver that is able to demodulate the RF information, view the payload information, and support actions as prescribed by the messaging (if able to be correctly interpreted—the payload information may be further encrypted by the original sender using external methods). The recipients may be designed to acknowledge receipt of communications via another communications medium, or simply carry out instructions. Examples of this may include an array of low power, long lasting field sensors that broadcast data when an organization sends out a local receiver in the vicinity of the sensors. Regional messaging may include satellite-based natural disaster alerting systems. Local alerts may even target single devices listening for a single instruction to act upon.
  • The receiver can be designed to listen to specific systems licensed with controlled frequencies which could be incredibly dynamic due to software defined radio technologies. Based on the dynamic messaging, the receiver can authenticate the messaging over a time window to begin trusting the systems it is listening to. The system is expected to mitigate malicious behavior due to the real-time nature of messaging, the immutability of the originating signal, and the parallelization of subsequent messages which leverage original primer messaging and respective coordinated timestamps encoded with Universal Coordinated Time (UTC)-calibrated clock sources.
  • The system and the associated method have many advantages. For example, the system can transmit secure information; maintain trustworthy communication, all while only sending information in one direction, with no expectation by the command module of having a direct verification method from intended recipient. Therefore, the system can provide a secure unidirectional communication. The system can operate without an exchange of information to reveal the location of a command and control receiver location. It is optional, however to equip the receiver with an out-of-band method to acknowledge receipt if confirmation is required.
  • The system is easily scalable. Additional servers can be added to increase the frequency of transmissions and integrity of operations. Additionally, any number of secondary or tertiary command and control server groups can be added to scale the granularity of command groups across different transmission systems, organizations, or geographies.
  • The system may use existing infrastructure. No new communications architectures are necessary, only available bandwidth to transmit the information and new servers to instantiate a proof of authority infrastructure. The software defined nature of randomly obfuscating messaging across space, time, spectrum, and protocols (all while encrypting the payloads) provides a means to defend against man-in-the middle attacks and advanced brute force attempts to intercept and decrypt the information in a time necessary to make an impact on the commands issued. The system can provide resilient messaging, where identical command and control messages can be sent in parallel across multiple disparate transmission sources to prevent transmission vulnerabilities across one specific medium (e.g. RF jamming).
  • An aspect of the present disclosure can be used in, but is not limited to, military and defense applications, governmental and non-governmental applications such as communicating disaster relief efforts, autonomous transportation, financial services such as release of financial assets to support activities in remote locations, public utilities such as meter reading, autonomous remote operators such as robots performing a clean-up on a nuclear disaster site, industrial control systems, remote sensing, and agriculture.
  • An aspect of the present disclosure can be used in secure mobile device communications. For example, an application running in the Trusted Execution Environment (TEE) of a mobile phone that could interpret the commands from a low level blockchain command and control system received through the mobile phone's radios and repeat them back through the radios, can direct the activities of phones in a certain area. A specific example of this application can be sending a command to a phone over GSM, and the phone would repeat the command over an 802.11 ad-hoc network or Bluetooth. Recipient phones could repeat the command with their own signature applied, alerting the community of phones as to the number of phones in an area. When a critical mass of phones is claimed in the command message, a payload could be executed. For example, for changing transmission frequency or key updates, or creating a Pokemon Go target or issuing a Groupon.
  • It will be appreciated by those skilled in the art that the present disclosure can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restricted. The scope of the disclosure is indicated by the appended claims rather than the foregoing description and all changes that come within the meaning and range and equivalence thereof are intended to be embraced therein.

Claims (18)

1. A computer-automated method for securing unidirectional communication within a network, the method comprising:
orchestrating an automated arrangement and/or coordination of at least one portion of a message using a top-level orchestration server;
transmitting a first data packet from the top-level orchestration server to a first top-level backbone server, wherein the first data packet is a first portion of the message;
authenticating the first data packet using the first top-level backbone server;
transmitting a second data packet from the first top-level backbone server to a second top-level backbone server, wherein the second data packet is a second portion of the message and/or the second data packet includes a modified first data packet, and the top-level orchestration server, the first top-level backbone server and the second top-level backbone server are arranged at a same level of hierarchy; and
authenticating the second data packet using the second top-level backbone server.
2. The method of claim 1, comprising:
after the authentication of the first data packet by the first top-level backbone server, transmitting the first data packet from the first top-level backbone server to a receiving node; and
after the authentication of the second data packet by the second top-level backbone server, transmitting the second data packet from the second top-level backbone server to the receiving node, wherein the second data packet is the second portion of the message.
3. The method of claim 2, comprising:
transmitting the second data packet from the second top-level backbone server to the receiving node before the transmission of the first data packet from the first top-level backbone server to the receiving node.
4. The method of claim 3, in combination with a receiving node, the method comprising:
assembling, at the receiving node, the first data packet and the second data packet to form the message.
5. The method of claim 1, comprising:
after the authentication of the second data packet by the second top-level backbone server, transmitting the second data packet from the second top-level backbone server to a receiving node, wherein the second data packet includes the first data packet and a top-level key, the top-level key includes at least one of a cryptographic nonce, hashing information, timestamp information, and payload information.
6. The method of claim 1, comprising:
receiving at least one portion of the message at a lower level orchestration server;
orchestrating an automated arrangement and/or coordination of the at least one portion of the message using the lower level orchestration server;
transmitting one or more portions of the at least one portion of the message from the lower level orchestration server to a first lower level backbone server; and
authenticating, using the first lower level backbone server, the one or more portions of the message transmitted to the first lower level backbone server, wherein the first lower level backbone server, the first top-level backbone server, and the second top-level backbone server are part of a hierarchical control system such that the first top-level backbone server and the second top-level backbone server are arranged at a top-level of the hierarchical control system, and the first lower level backbone server is arranged at least one level lower than the top-level.
7. The method of claim 1, comprising:
receiving the message at the top-level orchestration server from a command and control messaging server.
8. The method of claim 1, comprising:
generating the message using the top-level orchestration server.
9. The method of claim 1, comprising:
generating, by the first top-level backbone server, one or more reports based on the authentication of the first data packet.
10. The method of claim 1, comprising:
generating, by the second top-level backbone server, one or more reports based on the authentication of the second data packet.
11. The method of claim 1, comprising:
deploying a plurality of servers on the network, wherein the plurality of servers include at least one of the top-level orchestration server, the first top-level backbone server, and the second top-level backbone server.
12. A computer-automated method for securing unidirectional communication within a network, the method comprising:
receiving, in an orchestrated manner, at least one portion of a message at a first receiving node;
assembling the received at least one portion of the message into a first combined message at the first receiving node;
executing the first combined message at the first receiving node;
receiving, in an orchestrated manner, the at least one portion of the message at a second receiving node;
assembling the received at least one portion of the message into a second combined message at the second receiving node;
executing the second combined message at the second receiving node;
authenticating, at the second receiving node, the executing of the first combined message by the first receiving node; and
authenticating, at the first receiving node, the executing of the second combined message by the second receiving node.
13. The method of claim 12, comprising:
generating, by the first receiving node, a first authentication report based on the authentication of the executing of the second combined message by the second receiving node.
14. The method of claim 12, comprising:
generating, by the second receiving node, a second authentication report based on the authentication of the executing of the first combined message by the first receiving node.
15. A system for securing unidirectional communication within a network, the system comprising:
a top-level orchestration server configured to orchestrate an automated arrangement and/or coordination of at least one portion of a message;
a first top-level backbone server configured to receive a first data packet from the top-level orchestration server, and authenticate the first data packet, wherein the first data packet is a first portion of the message; and
a second top-level backbone server configured to receive a second data packet from the first top-level backbone server, and authenticate the second data packet, wherein the second data packet is a second portion of the message, and/or the second data packet includes a modified first data packet, and the top-level orchestration server, the first top-level backbone server and the second top-level backbone server are arranged at a same level of hierarchy.
16. The system of claim 15, comprising:
a receiving node configured to:
receive the first data packet from the first top-level backbone server, after the authentication of the first data packet by the first top-level backbone server; and receive the second data packet from the second top-level backbone server, after the authentication of the second data packet by the second top-level backbone server, wherein the second data packet is the second portion of the message.
17. The system of claim 15, comprising:
a receiving node configured to:
receive the second data packet from the second top-level backbone server after the authentication of the second data packet by the second top-level backbone server, wherein the second data packet includes the first data packet and a key, the key includes at least one of a cryptographic nonce, hashing information, timestamp information, and payload information.
18. The system of claim 15, comprising:
a lower level orchestration server configured to receive at least one portion of the message, and orchestrate an automated arrangement and/or coordination of the at least one portion of the message;
a first lower level backbone server configured to receive one or more portions of the at least one portion of the message from the lower level orchestration server and authenticate the one or more portions; and
a hierarchical control system with at least two levels, wherein each level includes at least one server, and wherein the first top-level backbone server and the second top-level backbone server are arranged at a top-level of the hierarchical control system, and the first lower level backbone server is arranged at least one level lower than the top-level.
US16/044,129 2018-07-24 2018-07-24 Process for establishing trust between multiple autonomous systems for the purposes of command and control Active 2038-08-07 US10650023B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US16/044,129 US10650023B2 (en) 2018-07-24 2018-07-24 Process for establishing trust between multiple autonomous systems for the purposes of command and control
PCT/US2019/034514 WO2020023109A1 (en) 2018-07-24 2019-05-30 Process and system for establishing unidirectional trusted messaging via heterogeneous and hierarchical computing platforms
US16/843,257 US11392615B2 (en) 2018-07-24 2020-04-08 Process for establishing trust between multiple autonomous systems for the purposes of command and control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/044,129 US10650023B2 (en) 2018-07-24 2018-07-24 Process for establishing trust between multiple autonomous systems for the purposes of command and control

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/843,257 Division US11392615B2 (en) 2018-07-24 2020-04-08 Process for establishing trust between multiple autonomous systems for the purposes of command and control

Publications (2)

Publication Number Publication Date
US20200034456A1 true US20200034456A1 (en) 2020-01-30
US10650023B2 US10650023B2 (en) 2020-05-12

Family

ID=69178445

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/044,129 Active 2038-08-07 US10650023B2 (en) 2018-07-24 2018-07-24 Process for establishing trust between multiple autonomous systems for the purposes of command and control
US16/843,257 Active 2038-09-03 US11392615B2 (en) 2018-07-24 2020-04-08 Process for establishing trust between multiple autonomous systems for the purposes of command and control

Family Applications After (1)

Application Number Title Priority Date Filing Date
US16/843,257 Active 2038-09-03 US11392615B2 (en) 2018-07-24 2020-04-08 Process for establishing trust between multiple autonomous systems for the purposes of command and control

Country Status (2)

Country Link
US (2) US10650023B2 (en)
WO (1) WO2020023109A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10791143B1 (en) * 2019-06-26 2020-09-29 Alibaba Group Holding Limited Anti-replay device based on memory space interchange
US11386428B2 (en) 2018-08-07 2022-07-12 Advanced New Technologies Co., Ltd. Dual transaction method and system based on centralization and decentralization
US11611439B2 (en) * 2019-06-11 2023-03-21 Celo Foundation Tree structure for byzantine fault tolerance
US20230328105A1 (en) * 2022-04-12 2023-10-12 Fortinel, Inc. Systems and methods for implementing a family policy using a cooperative security fabric
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11682095B2 (en) 2020-02-25 2023-06-20 Mark Coast Methods and apparatus for performing agricultural transactions

Family Cites Families (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6517587B2 (en) * 1998-12-08 2003-02-11 Yodlee.Com, Inc. Networked architecture for enabling automated gathering of information from Web servers
US6367009B1 (en) 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
US7003555B1 (en) * 2000-06-23 2006-02-21 Cloudshield Technologies, Inc. Apparatus and method for domain name resolution
US20020199096A1 (en) 2001-02-25 2002-12-26 Storymail, Inc. System and method for secure unidirectional messaging
US7280823B2 (en) 2000-08-15 2007-10-09 Lockheed Martin Corporation Method and apparatus for determining the context of a handheld device
US7203837B2 (en) * 2001-04-12 2007-04-10 Microsoft Corporation Methods and systems for unilateral authentication of messages
US7133905B2 (en) * 2002-04-09 2006-11-07 Akamai Technologies, Inc. Method and system for tiered distribution in a content delivery network
US7581100B2 (en) * 2003-09-02 2009-08-25 Authernative, Inc. Key generation method for communication session encryption and authentication system
US8161164B2 (en) 2006-04-28 2012-04-17 Microsoft Corporation Authorizing service requests in multi-tiered applications
JP2008199436A (en) * 2007-02-15 2008-08-28 Sony Corp Communication system, information processor, information processing method, and computer program
US9191623B2 (en) * 2008-12-15 2015-11-17 Adobe Systems Incorporated Transmitting datastreams to late joining broadcast subscribers
US7890627B1 (en) * 2009-09-02 2011-02-15 Sophos Plc Hierarchical statistical model of internet reputation
KR20130024996A (en) * 2011-08-24 2013-03-11 한국전자통신연구원 Method for packet source authentication using single-buffered hash in multicast environment and apparatus for the same
FR2992506B1 (en) 2012-06-25 2014-06-20 Sigfox Wireless METHOD FOR AUTHENTICATING DATA PACKETS RECEIVED BY A STATION OF A DIGITAL TELECOMMUNICATIONS SYSTEM
US20150350381A1 (en) * 2013-01-15 2015-12-03 Hewlett-Packard Development Company, L.P. Vertically-Tiered Client-Server Architecture
JP6098413B2 (en) * 2013-07-23 2017-03-22 富士通株式会社 Classification pattern creation method, classification pattern creation device, and classification pattern creation program
US9949119B2 (en) 2013-12-23 2018-04-17 Nec Corporation Method and system for assessing a message in a decentralized communication network
GB2517844B (en) * 2014-02-25 2015-09-09 Cambridge Silicon Radio Ltd Thwarting traffic analysis
US10111221B2 (en) * 2014-05-30 2018-10-23 Huawei Technologies Co., Ltd. Transmission method and communications device
WO2016163927A1 (en) * 2015-04-10 2016-10-13 Telefonaktiebolaget Lm Ericsson (Publ) Methods and devices for access control of data flows in software defined networking system
US9961076B2 (en) 2015-05-11 2018-05-01 Genesys Telecommunications Laboratoreis, Inc. System and method for identity authentication
DE102015213845A1 (en) * 2015-07-22 2017-01-26 Robert Bosch Gmbh Method and device for validating a time stamp of a data transmission
US10747445B2 (en) * 2015-09-22 2020-08-18 Toshiba Memory Corporation Memory system that selects data to be transmitted from a data buffer through a port
US10628902B2 (en) * 2015-10-07 2020-04-21 Q Link Wireless, LLC Deployable kiosk for providing data input and verification
US9959428B2 (en) * 2016-02-05 2018-05-01 Fujitsu Limited Packet generation and authentication in a process chain
GB2562621A (en) * 2016-02-23 2018-11-21 Nchain Holdings Ltd System and method for controlling asset-related actions via a blockchain
GB2571367A (en) * 2016-02-23 2019-08-28 Nchain Holdings Ltd Tokenisation method and system for implementing exchanges on a blockchain
CN109155915A (en) * 2016-05-18 2019-01-04 华为技术有限公司 Communication means, network side equipment and user equipment
US20180284093A1 (en) * 2017-03-29 2018-10-04 Innit International S.C.A. Trusted Food Traceability System and Method and Sensor Network
US11095432B2 (en) * 2017-04-05 2021-08-17 Samsung Sds Co., Ltd. System for processing data based on blockchain and operating method thereof
US10393857B2 (en) * 2017-04-12 2019-08-27 Qualcomm Incorporated Methods and systems for measuring angle of arrival of signals transmitted between devices
US10102265B1 (en) * 2017-04-12 2018-10-16 Vijay K. Madisetti Method and system for tuning blockchain scalability for fast and low-cost payment and transaction processing
US20200274714A1 (en) * 2017-06-02 2020-08-27 Roberto Jesus Arriola Suson System for, method of, and server computer system for implementing transformation of an original entity into a verifiably authenticable entity in a heterogeneous communications network environment
US10929823B2 (en) * 2017-09-12 2021-02-23 Northwestern University Peer auditing in a blockchain distribution network
KR102042739B1 (en) * 2017-09-22 2019-11-08 서강대학교산학협력단 Apparatus and method for communication using message history-based security key using blockchain
CN109729111B (en) * 2017-10-27 2021-10-08 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for managing distributed systems
US10887254B2 (en) * 2018-02-01 2021-01-05 Red Hat, Inc. Enterprise messaging using blockchain system
US20190306129A1 (en) * 2018-03-27 2019-10-03 Lenovo (Singapore) Pte. Ltd. Secure communication in a nondeterministic network
US11005664B2 (en) * 2018-04-16 2021-05-11 R3 Ltd. Blockchain post-quantum signature scheme

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11386428B2 (en) 2018-08-07 2022-07-12 Advanced New Technologies Co., Ltd. Dual transaction method and system based on centralization and decentralization
US11611439B2 (en) * 2019-06-11 2023-03-21 Celo Foundation Tree structure for byzantine fault tolerance
US10791143B1 (en) * 2019-06-26 2020-09-29 Alibaba Group Holding Limited Anti-replay device based on memory space interchange
US11102242B2 (en) * 2019-06-26 2021-08-24 Advanced New Technologies Co., Ltd. Anti-replay device based on memory space interchange
US11388190B2 (en) * 2019-06-26 2022-07-12 Advanced New Technologies Co., Ltd. Anti-replay device based on memory space interchange
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities
US20230328105A1 (en) * 2022-04-12 2023-10-12 Fortinel, Inc. Systems and methods for implementing a family policy using a cooperative security fabric

Also Published As

Publication number Publication date
WO2020023109A1 (en) 2020-01-30
US20200242128A1 (en) 2020-07-30
US10650023B2 (en) 2020-05-12
US11392615B2 (en) 2022-07-19

Similar Documents

Publication Publication Date Title
US11392615B2 (en) Process for establishing trust between multiple autonomous systems for the purposes of command and control
US9356940B2 (en) Security and access system based on multi-dimensional location characteristics
US9515826B2 (en) Network topology aided by smart agent download
US20230328047A1 (en) Platform and Method for Automated Moving Target Defense
Purchina et al. Securing an Information System via the SSL Protocol.
Kim Securing the Internet of Things via locally centralized, globally distributed authentication and authorization
Altay et al. Gps-sec
US11510062B2 (en) System and method employing virtual ledger
Maurya et al. Security aspects of the internet of drones (IoD)
CN101437228B (en) Method, apparatus and system for implementing wireless business based on smart card
Scarfone et al. Guide to securing WiMAX wireless communications
Nikiforov et al. Structure of information security subsystem in the systems of commercial energy resources accounting
Wang et al. A distributed zero-trust scheme for airborne wireless sensor networks using dynamic identity authentication
Preetha et al. An Assessment of the Security Benefits of Secure Shell (SSH) in Wireless Networks
Sher et al. Lightweight secure authentication protocol for automatic dependent surveillance broadcast system
Anand et al. Enhancing security for iot devices using software defined networking (sdn)
Rull Aixa Analysis and study of data security in the Internet of Things paradigm from a Blockchain technology approach
Dong et al. Post-Quantum Cryptography and TEE for 5G VPN in Power Systems: Assessment and Security
JP7433620B1 (en) Communication method, communication device and computer program
Almulla et al. New secure storage architecture for cloud computing
Iqbal Cybersecurity in Smart Metering: Mitigating risks and ensuring reliability
Sharma et al. Fortified-grid: fortifying smart grids through the integration of the trusted platform module in internet of things devices. Information. 2023; 14 (9): 491
Kumar et al. Novel Authentication Scheme to Increase Security of Vehicular Ad Hoc Networks
Rajasekaran et al. Cyber-security challenges for wireless networked aircraft
Deepika PROTECTION OF INFORMATION IN TELECOMMUNICATION USING BLOCKCHAIN TECHNOLOGY

Legal Events

Date Code Title Description
AS Assignment

Owner name: BOOZ ALLEN HAMILTON, INC., VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MONTGOMERY-RECHT, EVAN;TER BEEST, JAMES J.;REEL/FRAME:046446/0579

Effective date: 20180718

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4